Password hashing

LuckyRiver

Hi,

I was doing some refactoring work on my custom authentication module which has already support for numerous authentication boards (XF, IPB, Modx, phpBB3, SMF) but it lacks Vanilla support. Thus, I just downloaded the Vanilla core to try out. I looked at the database and saw that hashed password is stored.
I need to match that stored hashed password but I don't know what kind of encryption Vanilla uses?

There are several columns in gdn_user. I see HashMethod has Vanilla as value.

1. HashMethod
   Vanilla

What kind of hash method that vanilla supports so I can pick up the right one to encrypt?

Password
$P$BoMsbHPGJRRH8EWxEoKcUm/Zx.8BQv1

2. And as for the Attributes column, what is the use of the Attributes , is it a salted key?

a:1:{s:12:"TransientKey";s:12:"7U8HWPSD4O1V";}

Ideally I like to know if salted key is used. If not any specific configuration prior to hash like iteration number ...

Any help is appreciated!

Thanks!

LR

Tama

for the hash, check this search https://github.com/vanillaforums/Garden/search?q=hash&type=Code I believe Vanilla uses an external hashing library

LuckyRiver

Thx Tama!

Exactly, it simply uses http://www.openwall.com/phpass/ similarly done with phpBB3. Thus, it requires no much code to get the password matched!

LuckyRiver

Site demo will be up this coming weekend as I've fully integrated and tested authentication! Please join to test drive Texas Hold'em playing with bots or friends. I'll post link to demo the game. Is there any portal plug-in I can use with Vanilla?

UnderDog

@LuckyRiver said:
Is there any portal plug-in I can use with Vanilla?

VanillaCMS had potential. It all depends on what you want to achieve. Would you like to re-create PHP-Nuke?

LuckyRiver

I need something similar to Xenforo xenporta or IPB Content to feed block of data from various source (database, json stream, ....) . I'm working on the Leaderboard which displays player's name, balance ... Could VanillaCMS provide such features? Thanks, I'll check it out.

x00

It is more like a basic CMS. This wouldn't be a plugin anyway. More of an Application.

Vanilla is built ontop of the Garden framework (MVC) in fact when you download vanilla you are getting the garden core, dashboard, vanilla, and conversations.

However if you aren't going to do the development find a suitable candidate then integrate.

LuckyRiver

Here you go:

Registration: http://holdemfever.net/vanilla

Texas Hold'em: http://holdemfever.net:8181/poker/cubeiaclassic

To access game, use same user/password as your forum account.
To see avatar in game, you must have forum photo uploaded.

For the game to start, it needs to be 2 people to sit at the same table!

Game is open source, thus free to install on any vps/dedicated server with root account.